Research: SmarTor – Improving the security of Tor via smart contracts

As state surveillance is currently increasing in many parts of the world, privacy and anonymity technologies have become more essential than ever before. The Tor project is one of the most important privacy tools for anonymous online access. Within the Tor network, Directory Authorities (DAs) distribute the topology information needed to construct anonymity-preserving circuits, or paths. These DAs obtain topology information from the Tor network (the vote) and follow a special consensus protocol to confirm an aggregated version, or consensus, of this collected information, which is thereafter broadcast by every DA. Throughout this process, numerical data is aggregated by taking the lower median of the votes. Because of this majority rule, and because only nine DAs exist across the network, compromising no more than five of them is usually enough to arbitrarily alter topology information. An adversary can exploit this weakness to hide information related to honest relay nodes, which forward traffic in Tor circuits. This attack can totally compromise circuits across the network, which would entirely undermine all privacy guarantees.

A recently published study proposed a novel system model, named SmarTor, that aims at boosting Tor’s resilience against attacks targeting the DAs by distributing the work performed by these trusted authorities. SmarTor combines several innovative technologies including trusted execution environments, the blockchain, and Ethereum-based smart contracts. SmarTor’s system model replaces the DAs with a smart contract on Ethereum’s blockchain, together with a decentralized network of untrusted entities that perform bandwidth measurements. The prototype of SmarTor relies on Ethereum-based smart contracts and Intel SGX hardware.

The idea behind SmarTor:

Even though attacks against DAs can require enormous technical and financial resources, the gain from a successful attack can be outstanding, i.e. total deanonymization of Tor users. To shield the network against such attacks, SmarTor is designed to distribute trust among a larger group of entities. SmarTor achieves this via smart contracts, which are blockchain-based computer programs that enable conditional data processing within the associated blockchain. Smart contract code is securely and verifiably executed in a decentralized manner. To tamper with data recorded onto a blockchain, an adversary would have to control more than 50% of its computational power, which, in the case of Ethereum, would require the energy output of a nuclear plant. Moreover, due to the P2P distribution of data on blockchains, launching a DDoS attack against such a system is extremely hard. Consequently, relay nodes’ (RNs’) access information can be stored via a smart contract, which guarantees that this information can only be altered or deleted by its owner.

Nevertheless, using smart contracts instead of DAs is not a straightforward process, because the topology information is also associated with bandwidth measurements of the relay nodes. Five out of the nine DAs are responsible for measuring the bandwidth and voting on the measured value and, hence, take the role of a Bandwidth Authority (BA). This measurement is pivotal because the probability of an RN being selected for a circuit is directly proportional to its bandwidth. Without actual measurements, an adversary could lie about the bandwidth of their relay nodes in order to be assigned more network traffic, which facilitates deanonymization attacks. Smart contracts, however, cannot perform bandwidth measurements themselves, since they lack synchronous communication and their notion of time is limited to a granularity of minutes or even seconds.

To solve this problem, the developers of SmarTor replaced the BAs with a decentralized group of untrusted Bandwidth Measurers (BMs). These BMs execute a special measurement script and send its results to the smart contract, which aggregates them. The measurement script is protected by a Trusted Execution Environment (TEE), and redundancy together with a reputation score are used to identify and exclude misbehaving BMs.
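The following added example (not the SmarTor contract and not code from the paper) simulates in Python the aggregation side of this design: several BMs report a measurement for the same relay, the aggregator accepts a value only when enough redundant reports exist, takes the lower median of the reports from BMs still in good standing, and adjusts each BM’s reputation by how far its report deviates from the agreed value. The redundancy minimum, the deviation tolerance and the reputation increments are illustrative assumptions; the page does not give SmarTor’s actual scoring rule.

```python
from collections import defaultdict
from statistics import median_low

MIN_REPORTS = 3          # assumed: reports needed before a relay value is accepted
TOLERANCE = 0.25         # assumed: relative deviation still counted as consistent
MIN_REPUTATION = 0       # assumed: BMs at or below this score are ignored


class BandwidthAggregator:
    """Simulated contract-side aggregation of redundant BM reports with a
    reputation score that excludes BMs whose reports keep disagreeing."""

    def __init__(self, initial_reputation=3):
        self.reputation = defaultdict(lambda: initial_reputation)

    def trusted(self, bm_id):
        return self.reputation[bm_id] > MIN_REPUTATION

    def aggregate(self, reports):
        """reports: iterable of (bm_id, relay_id, measured_kbps).
        Returns {relay_id: agreed_kbps} for relays with enough trusted reports
        and updates reputations as a side effect."""
        per_relay = defaultdict(list)
        for bm_id, relay_id, kbps in reports:
            if self.trusted(bm_id):          # ignore BMs already ruled out
                per_relay[relay_id].append((bm_id, kbps))

        consensus = {}
        for relay_id, entries in per_relay.items():
            if len(entries) < MIN_REPORTS:   # redundancy requirement not met
                continue
            agreed = median_low([kbps for _, kbps in entries])
            consensus[relay_id] = agreed
            for bm_id, kbps in entries:
                if abs(kbps - agreed) <= TOLERANCE * agreed:
                    self.reputation[bm_id] += 1   # consistent with the majority
                else:
                    self.reputation[bm_id] -= 2   # outlier: penalize faster than reward
        return consensus


# Constructed sample reports: three consistent BMs and one ("bm-d") that
# inflates relayA's bandwidth every round; relayB has too few reports.
SAMPLE_ROUND = [
    ("bm-a", "relayA", 1000), ("bm-b", "relayA", 1050),
    ("bm-c", "relayA", 980),  ("bm-d", "relayA", 5000),
    ("bm-a", "relayB", 400),  ("bm-b", "relayB", 420),
]


def run_rounds(rounds=3):
    """Feed the same constructed reports for several rounds; returns the
    aggregator (for reputation inspection) and the last consensus."""
    agg = BandwidthAggregator()
    consensus = {}
    for _ in range(rounds):
        consensus = agg.aggregate(SAMPLE_ROUND)
    return agg, consensus


if __name__ == "__main__":
    agg, consensus = run_rounds()
    print(consensus)                       # {'relayA': 1000}
    print(dict(agg.reputation))            # bm-d has dropped below the cut-off
    print(agg.trusted("bm-d"))             # False
```

Two properties are worth noting: the inflated report never moves the agreed value because the lower median of four reports ignores the single outlier, and the redundancy requirement means a relay measured by only two BMs gets no accepted value at all rather than an unverified one.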

SmarTor’s system model:

The system model of SmarTor is illustrated in the below figure.

Figure (1): The system model of SmarTor

The system model of SmarTor involves the following elements of Tor’s infrastructure: Relay Nodes (RNs), Tor Clients (TCs), and Tor hidden web services (TWS). Within SmarTor’s framework, the functionality of both the DAs and the BAs is distributed to two entity types: the smart contract and the Bandwidth Measurers (BMs). The smart contract is a special form of computer program recorded onto the blockchain, and BMs are operated by volunteers, such as users already running Tor relay nodes, blockchain validators (miners), or any other type of user. BM platforms are equipped with Intel SGX hardware, a hardware TEE in which programs can execute security-critical operations, such as signing and encryption, in isolation from the rest of the system.

Evaluation of SmarTor:

The developers of SmarTor measured 11 relay nodes over a period of two weeks. Five of these 11 relay nodes did not produce the expected results. However, the remaining six relay nodes produced measurements that were seven times as accurate and two times as reliable as those of the currently used method. The developers provided a proof-of-concept (PoC) implementation and showed that their proposed model yields more valid and reliable bandwidth measurements than the present system.

Final thoughts:

Even though SmarTor has proven to be effective and secure, bandwidth measurers are supposed to be operated by volunteers, who have no incentive to run the system, which can limit the adoption of SmarTor. Moreover, since operating smart contracts on Ethereum’s blockchain costs gas, future studies should investigate innovative incentive models for bandwidth measurers.